Thus spake Julie C (julie@xxxxxxx):

> On Tue, Aug 23, 2011 at 8:23 AM, Mike Perry <mikeperry@xxxxxxxxxx> wrote:
>
> >
> > <snip>
> >
> > SSL certificates are not isolated. They might never be. The SSL stack
> > is a nightmare.
> >
> >
> Mike, can you provide some specifics on how the SSL stack is a nightmare? I
> am working on development of an open source C-based libevent2-based
> stand-alone SSL MiTM proxy but have not yet hit any of the ugly stuff.
> Pointers to information would also be appreciated.

I was referring to the integration of NSS with the rest of Firefox.
Based on my limited experience, NSS generally doesn't seem to like its
state munged around with. It sort of lives in its own world and the
interfaces to it are prone to race conditions and optimizations that
are built on the assumption that the current use case (one set of SSL
state for the entire browser) is the only desirable one.

But good luck on your sketch project. May the intermediate certs be
with you!

--
Mike Perry
Mad Computer Scientist
fscked.org evil labs
_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk